CVE-2023-33730

CRITICAL

Escanav Escan Management Console - Cleartext Transmission

Title source: rule

Description

Privilege Escalation in the "GetUserCurrentPwd" function in Microworld Technologies eScan Management Console 14.0.1400.2281 allows any remote attacker to retrieve password of any admin or normal user in plain text format.

Exploits (1)

nomisec WRITEUP 1 stars

by sahiloj · poc

https://github.com/sahiloj/CVE-2023-33730

View Code ZIP pw:eip

References (1)

[Exploit, Third Party Advisory] https://github.com/sahiloj/CVE-2023-33730/blob/main/CVE-2023-33730.md

Scores

CVSS v3 9.8

EPSS 0.0155

EPSS Percentile 81.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-319

Status published

Products (1)

escanav/escan_management_console 14.0.1400.2281

Published May 31, 2023

Tracked Since Feb 18, 2026